Changes to the cmirrord policy module

Module clean up

Signed-off-by: Dominick Grift <dominick.grift@gmail.com>

cmirrord.fc

@@ -1,5 +1,5 @@
 /etc/rc\.d/init\.d/cmirrord	--	gen_context(system_u:object_r:cmirrord_initrc_exec_t,s0)
 
-/usr/sbin/cmirrord		--	gen_context(system_u:object_r:cmirrord_exec_t,s0)
+/usr/sbin/cmirrord	--	gen_context(system_u:object_r:cmirrord_exec_t,s0)
 
-/var/run/cmirrord\.pid		--	gen_context(system_u:object_r:cmirrord_var_run_t,s0)
+/var/run/cmirrord\.pid	--	gen_context(system_u:object_r:cmirrord_var_run_t,s0)

cmirrord.if

@@ -1,8 +1,9 @@
-## <summary>Cluster mirror log daemon</summary>
+## <summary>Cluster mirror log daemon.</summary>
 
 ########################################
 ## <summary>
-##	Execute a domain transition to run cmirrord.
+##	Execute a domain transition to
+##	run cmirrord.
 ## </summary>
 ## <param name="domain">
 ##	<summary>
@@ -15,12 +16,14 @@ interface(`cmirrord_domtrans',`
 		type cmirrord_t, cmirrord_exec_t;
 	')
 
+	corecmd_search_bin($1)
 	domtrans_pattern($1, cmirrord_exec_t, cmirrord_t)
 ')
 
 ########################################
 ## <summary>
-##	Execute cmirrord server in the cmirrord domain.
+##	Execute cmirrord server in the
+##	cmirrord domain.
 ## </summary>
 ## <param name="domain">
 ##	<summary>
@@ -57,7 +60,7 @@ interface(`cmirrord_read_pid_files',`
 
 #######################################
 ## <summary>
-##	Read and write to cmirrord shared memory.
+##	Read and write cmirrord shared memory.
 ## </summary>
 ## <param name="domain">
 ##	<summary>
@@ -80,8 +83,8 @@ interface(`cmirrord_rw_shm',`
 
 ########################################
 ## <summary>
-##	All of the rules required to administrate
-##	an cmirrord environment
+##	All of the rules required to
+##	administrate an cmirrord environment.
 ## </summary>
 ## <param name="domain">
 ##	<summary>

cmirrord.te

@@ -1,4 +1,4 @@
-policy_module(cmirrord, 1.0.0)
+policy_module(cmirrord, 1.0.1)
 
 ########################################
 #
@@ -20,23 +20,22 @@ files_pid_file(cmirrord_var_run_t)
 
 ########################################
 #
-# cmirrord local policy
+# Local policy
 #
 
 allow cmirrord_t self:capability { net_admin kill };
 dontaudit cmirrord_t self:capability sys_tty_config;
-allow cmirrord_t self:process { setfscreate signal};
+allow cmirrord_t self:process { setfscreate signal };
 allow cmirrord_t self:fifo_file rw_fifo_file_perms;
 allow cmirrord_t self:sem create_sem_perms;
 allow cmirrord_t self:shm create_shm_perms;
 allow cmirrord_t self:netlink_socket create_socket_perms;
-allow cmirrord_t self:unix_stream_socket create_stream_socket_perms;
+allow cmirrord_t self:unix_stream_socket { accept listen };
 
 manage_dirs_pattern(cmirrord_t, cmirrord_tmpfs_t, cmirrord_tmpfs_t)
 manage_files_pattern(cmirrord_t, cmirrord_tmpfs_t, cmirrord_tmpfs_t)
 fs_tmpfs_filetrans(cmirrord_t, cmirrord_tmpfs_t, { dir file })
 
-manage_dirs_pattern(cmirrord_t, cmirrord_var_run_t, cmirrord_var_run_t)
 manage_files_pattern(cmirrord_t, cmirrord_var_run_t, cmirrord_var_run_t)
 files_pid_filetrans(cmirrord_t, cmirrord_var_run_t, file)